
Tailorable Representation of Security Control Catalog on Semantic Wiki

Chapter in: Cyber Security: Power and Technology

Abstract

Selecting the security controls to implement is an essential part of an organization's information security management process. A number of readily available information security management system standards, including control catalogs, can be tailored by an organization to meet its security objectives. Still, it has been noted that many organizations lack even the fundamental security controls. At the same time, semantic wikis have become popular collaboration and information-sharing platforms and have proven effective for distributing domain-specific information within an organization. This chapter evaluates the adequacy of a semantic wiki as a security control catalog platform for building an information security knowledge base that would especially help small and medium-sized enterprises develop and maintain their security baseline.
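The following is an added worked example, not code from the chapter or its authors, of the tailoring step the abstract describes: a catalog in the style of the NIST SP 800-53 rev4 XML feed is parsed, a baseline is selected by impact level, the organization adds or removes individual controls, and each selected control is emitted as a Semantic MediaWiki page with inline property annotations so the catalog can be queried on the wiki. The XML element names, the Semantic MediaWiki property names (`Has control family`, `In baseline`, `Selected for`, `Is implemented`) and the sample catalog are assumptions constructed for this example; the baseline membership and priorities shown for AC-2, AC-6, AC-9 and AU-2 are those of rev4.

```python
"""Tailor an SP 800-53 style control catalog to an impact baseline and emit
Semantic MediaWiki pages. Example code, not the chapter's own implementation."""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Baseline impact levels of SP 800-53 rev4, in ascending order.
IMPACT_LEVELS = ("LOW", "MODERATE", "HIGH")

# Constructed sample. Element names loosely follow the NVD SP 800-53 rev4 XML
# feed but are an assumption for this example, not a verified copy of its schema.
SAMPLE_CATALOG = """<controls>
  <control><family>ACCESS CONTROL</family><number>AC-2</number>
    <title>ACCOUNT MANAGEMENT</title><priority>P1</priority>
    <baseline-impact>LOW</baseline-impact><baseline-impact>MODERATE</baseline-impact>
    <baseline-impact>HIGH</baseline-impact></control>
  <control><family>ACCESS CONTROL</family><number>AC-6</number>
    <title>LEAST PRIVILEGE</title><priority>P1</priority>
    <baseline-impact>MODERATE</baseline-impact><baseline-impact>HIGH</baseline-impact></control>
  <control><family>ACCESS CONTROL</family><number>AC-9</number>
    <title>PREVIOUS LOGON (ACCESS) NOTIFICATION</title><priority>P0</priority></control>
  <control><family>AUDIT AND ACCOUNTABILITY</family><number>AU-2</number>
    <title>AUDIT EVENTS</title><priority>P1</priority>
    <baseline-impact>LOW</baseline-impact><baseline-impact>MODERATE</baseline-impact>
    <baseline-impact>HIGH</baseline-impact></control>
</controls>"""


@dataclass(frozen=True)
class Control:
    number: str
    family: str
    title: str
    priority: str
    baselines: frozenset  # subset of IMPACT_LEVELS; empty if in no baseline


def _sort_key(number):
    """Order 'AC-2' before 'AC-10' (numeric, not lexicographic) within a family."""
    prefix, _, rest = number.partition("-")
    return (prefix, int(rest.split("(")[0]))


def parse_catalog(xml_text):
    """Parse the catalog XML into Control records, rejecting unknown impact levels."""
    controls = []
    for node in ET.fromstring(xml_text).iter("control"):
        baselines = frozenset(b.text.strip().upper() for b in node.findall("baseline-impact"))
        unknown = baselines - set(IMPACT_LEVELS)
        if unknown:
            raise ValueError(f"unknown baseline impact {sorted(unknown)} in control")
        controls.append(Control(
            number=node.findtext("number", "").strip(),
            family=node.findtext("family", "").strip(),
            title=node.findtext("title", "").strip(),
            priority=node.findtext("priority", "").strip(),
            baselines=baselines,
        ))
    return controls


def tailor(controls, impact, add=(), remove=()):
    """Select the baseline for `impact`, then apply organization-specific tailoring.

    `add` pulls in controls outside the baseline; `remove` drops baseline controls
    the organization has justified omitting. Unknown control numbers are an error
    so that a typo cannot silently leave a control out of the baseline."""
    if impact not in IMPACT_LEVELS:
        raise ValueError(f"impact must be one of {IMPACT_LEVELS}, got {impact!r}")
    by_number = {c.number: c for c in controls}
    for number in set(add) | set(remove):
        if number not in by_number:
            raise KeyError(f"unknown control {number}")
    selected = {c.number for c in controls if impact in c.baselines}
    selected = (selected | set(add)) - set(remove)
    return [by_number[n] for n in sorted(selected, key=_sort_key)]


def to_wiki_page(control, impact, implemented=False):
    """Render one control as Semantic MediaWiki text with [[Property::value]] annotations.
    The property names are assumptions chosen for this example."""
    ranked = sorted(control.baselines, key=IMPACT_LEVELS.index)
    baselines = ", ".join(f"[[In baseline::{b}]]" for b in ranked) or "(none)"
    return "\n".join([
        f"== {control.number} {control.title.title()} ==",
        f"* Family: [[Has control family::{control.family.title()}]]",
        f"* Priority: [[Has priority::{control.priority}]]",
        f"* Baselines: {baselines}",
        f"* Tailored baseline: [[Selected for::{impact}]]",
        f"* Implemented: [[Is implemented::{'true' if implemented else 'false'}]]",
        "[[Category:Security control]]",
    ])


def missing_controls(selected, implemented):
    """Numbers of selected controls that are not yet marked implemented: the gap
    between the tailored baseline and what the organization actually has."""
    done = set(implemented)
    return [c.number for c in selected if c.number not in done]


if __name__ == "__main__":
    catalog = parse_catalog(SAMPLE_CATALOG)
    baseline = tailor(catalog, "MODERATE", add=("AC-9",), remove=("AC-6",))
    for control in baseline:
        print(to_wiki_page(control, "MODERATE", implemented=control.number == "AC-2"), "\n")
    print("Not yet implemented:", missing_controls(baseline, ["AC-2"]))
```

Querying the resulting pages with `{{#ask: [[Category:Security control]] [[Selected for::MODERATE]] [[Is implemented::false]]}}` then lists the open items of the tailored baseline directly on the wiki, which is the gap the abstract says many organizations fail to close.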


Notes

  1. https://nvd.nist.gov/static/feeds/xml/sp80053/rev4/800-53-controls.xml


Author information

Corresponding author: Riku Nykänen


Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this chapter


Cite this chapter

Nykänen, R., Kärkkäinen, T. (2018). Tailorable Representation of Security Control Catalog on Semantic Wiki. In: Lehto, M., Neittaanmäki, P. (eds) Cyber Security: Power and Technology. Intelligent Systems, Control and Automation: Science and Engineering, vol 93. Springer, Cham. https://doi.org/10.1007/978-3-319-75307-2_10

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-75307-2_10


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-75306-5

  • Online ISBN: 978-3-319-75307-2

  • eBook Packages: Engineering (R0)
